Apple has released today an iOS security update to patch a bug the company accidentally un-patched in an earlier release, introducing a security weakness that allowed hackers to craft new jailbreaks for current iOS versions. From a report: The original bug, discovered by Ned Williamson, a Google Project Zero security engineer, allows a malicious app to exploit a “user-after-free” vulnerability and run code with system privileges in the iOS kernel. iOS version 12.4.1, released today, re-patches this bug that was initially fixed in iOS 12.3 but was accidentally unpatched in iOS 12.4, last month. Sadly, Apple’s blunder didn’t go unnoticed and earlier this month, a security researcher named Pwn20wnd released a public exploit based on Williamson’s bug that could be used to jailbreak up-to-date iOS devices and grant users complete control over their iPhones. But while users taking a risk and jailbreaking their own devices doesn’t sound that dangerous, a lesser-known fact is that malware operators and spyware vendors can also use Pwn20wnd’s jailbreak as well.

Read more of this story at Slashdot.

Source: Slashdot – Apple Patches iPhone Jailbreaking Bug